Ralnoc commented on issue #3619: URL: https://github.com/apache/iceberg/issues/3619#issuecomment-1584589287
As I see it, this integration would have to be done in one of two ways: 1) Integration into the Runtime components, which would take time as it would require updates to everything that has built a Iceberg integration. (Trino, Spark, Hive, etc.) 2) Integration into the Rest Catalog, This would allow for a custom error response if the use is unauthorized. This difficulty in this would be that the Rest Catalog would need improvements on Authentication as well as implementing Ranger support for Authorization. It would really need to be able to support more than just OAUTH2 (LDAP and SAML2 come to mind) And pass that user information to the Ranger integration for validating Authorization. I wouldn't mind writing up a proposal on this, but I would like some guidance on which direction would be preferred. I admit that I'm personally more inclined to the addition of it into the Rest Catalog, as it seems to make more sense to have it there. Since doing so would protect not only the data attempting to be accessed, but the metadata surrounding it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
